Well, somewhere has to be a NAT if your external interface uses a private IP ...

But what's witch the routes? Have all devices between the ASA and your internet-router a route back to the internal network?

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

Hi sorry about the confusion, we have replaced dumy ip's on our config (with the exception of internal interface) so that we would not post our actual ip's but the rest of the config is exactly as is on our asa, we are using a static public ip from our ISP provider. This's a new setup we have a small switch between our laptop and the internal interface in our labtop we have set an ip address of 192.168.0.2 and gateway of 192.168.0.1(asa). i can ping internal interface of asa.

Then you have to setup NAT on the ASA. One way to configure that is the following:

nat (any,Ext) after-auto source dynamic any interface

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

Thanks for your help and prompt response,it worked, can you also please help in allowing ping from internal to ext interface.

policy-map global_policy

class inspection_default

  inspect icmp

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

thanks i will try this in the morning.

hi the command worked by allowing me to ping ext interface but not dmz, but more importantly i'm still having issues with nating i want to allow a server on my Internal to communicate with a server on my dmz over a specific port (i.e 5555) and vice versa from outside i can connect to the dmz server over https. here is my config, i have only replaced the ips with dumy ip's

ASA Version 8.4(2)

!

hostname Cisco-FW

enable password otJaxP2LrPGCkYkU encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

names

!

interface GigabitEthernet0/0

nameif Ext

security-level 0

ip address 212.1.1.2 255.255.255.240

!

interface GigabitEthernet0/1

shutdown

no nameif

no security-level

no ip address

!

interface GigabitEthernet0/2

nameif DMZ

security-level 50

ip address 192.168.2.10 255.255.255.248

!

interface GigabitEthernet0/3

nameif Int

security-level 100

ip address 10.168.1.1 255.255.255.0

!

interface Management0/0

nameif management

security-level 100

ip address 10.168.1.15 252 255.255.255.0

management-only

!

ftp mode passive

dns domain-lookup Ext

dns server-group DefaultDNS

name-server 2.2.2.2

name-server 3.3.3.3

object network Dmz_outside

subnet 0.0.0.0 0.0.0.0

object network Traveler-from-outside

host 192.168.2.1

object network Traveler-from-inside

host 192.168.2.1

access-list OutsidetoDMZ extended permit tcp any host 192.168.2.1 eq https

access-list DMZ_access_in extended permit tcp object Int-Mail host 192.168.2.1 eq lotusnotes

pager lines 24

logging asdm informational

mtu Ext 1500

mtu DMZ 1500

mtu Int 1500

mtu management 1500

no failover

icmp unreachable rate-limit 1 burst-size 1

icmp permit any Int

no asdm history enable

arp timeout 14400

!

object network Dmz_outside

nat (DMZ,Ext) dynamic interface

object network Traveler-from-outside

nat (DMZ,Ext) static 212.1.1.3 service tcp https https

object network Traveler-from-inside

nat (DMZ,Int) static 212.1.1.3 service tcp https https

!

nat (any,Ext) after-auto source dynamic any interface

access-group OutsidetoDMZ in interface Ext

access-group DMZ_access_in in interface DMZ

route Ext 0.0.0.0 0.0.0.0 212.1.1.1 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

timeout floating-conn 0:00:00

dynamic-access-policy-record DfltAccessPolicy

user-identity default-domain LOCAL

http server enable

http 192.168.1.0 255.255.255.0 management

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart

telnet timeout 5

ssh timeout 5

console timeout 0

threat-detection basic-threat

threat-detection statistics port

threat-detection statistics protocol

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

webvpn

!

class-map inspection_default

match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

parameters

  message-length maximum client auto

  message-length maximum 512

policy-map global_policy

class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect rsh

  inspect rtsp

  inspect esmtp

  inspect sqlnet

  inspect skinny

  inspect sunrpc

  inspect xdmcp

  inspect sip

  inspect netbios

  inspect tftp

  inspect ip-options

  inspect icmp

!

service-policy global_policy global

prompt hostname context

no call-home reporting anonymous

Cryptochecksum:6afc555ee13fa87dd87a61a1f774beed

: end